We have configured samba with password protected share folders. The problem what we are facing is, multiple users were allowed to use the same system. For example if the user A uses the system S1 for the first time the system is prompting for username & password for acessing the samba shared folders and later if the user leaves the place and if user B comes in for accessing the same system say S1 it is not asking for password. Any way to fix this issue?

Note:

I know this happens because of persistent connections. But any way to control persistent connections from samba server itself?

Possible to make samba server to ask password on every access by disabling persistent connections??

I hope there is some possible way, but i have not got one. I have already tried the deadtime parameter but that simply closes the idle connections and makes the resource free. i.e if the new user comes and access the samba share and then it wont prompt for username & password.

Updates:

Using both ubuntu and windows and samba share is running on ubuntu server 12.04.

On accessing samba share from ubuntu i dont face any problems. Once i unmount the share after using it, it is prompting for username and password for the second time.

But in windows when i access samba share for the first time, second time it is not prompting for the username and password simply the samba shared is getting accessible.

I just want windows machine to ask password everytime when the user closes the share, instead of doing net use * /delete everytime, and we cant order user to do this everytime.

Is there a way to block this behaviour and make samba server to ask password everytime whenever they access it via windows systems ??

What i want to fix is, for example user A, B, & C has password credentials to access samba share, where as user D, E & F are not authorized to access samba share but all of them are authorized to use the same system say System A.

please improve your question showing what hosts are using and what clients are, in order to get answered since there are misunderstanding here. are you using Ubuntu or Windows or what please specify
–
user61928Oct 10 '12 at 7:07

@maythux i have updated my question if you have any queries, pls add it as comments and i will clarify it. Thanks.
–
karthick87Oct 10 '12 at 7:31

2 Answers
2

Well, I don't think it's a matter of persistent connections, I think it's rather a matter of cached credentials on clients. And to avoid this, you'll have to tweak your clients. Quoting directly from this page:

Samba does not control client-side password caching.

Caching of domain logon credentials is a client-side activity. There
are registry settings on the Windows 2000 Professional and Windows XP
Profesional clients that control logon credential caching.

Check "Interactive Logon: Number of Previous Logins To Cache" (if value is set to 0 then cached credentials is disabled)

Also check....
- Computer Configuration\Administrative Templates\System\Logon
- Check "Always wait for the network at computer startup and logon" (make sure that this is either not configured or disabled)

If you are however using winbind, you may also want to turn off
winbind offline logon by adding to your smb.conf:

winbind offline logon = false

EDIT:

into your user's autostart on the clients, so that credential are deleted whenever any user performs a login. Take also a look to this answer. It seems that it's possible to stop Windows caching credentials on a per-share basis in this way:

net use \\a.b.c.d\sharename /user:domain\otheruser /persistent:no

But probably for your task it's sufficient something like:

net use \\yourserver\yourshare /persistent:no

or even:

net use /persistent:no

Find the one that best suits your needs and try to put it into autostart (or in the registry run entries).

Is it possible to do this via batch file. If i can create a batch for doing this i can simply apply it to all my windows systems which is connected to domain.
–
karthick87Oct 8 '12 at 14:31

You should first pinpoint which registry keys are touched by the group policy editor. Then you can simply write your batch file using reg.exe as explained here. For example you can find some hint here or here, etc.
–
AvioOct 8 '12 at 14:50